22 matches found
CVE-2020-10615
CVE-2020-10615 affects Triangle MicroWorks SCADA Data Gateway, specifically versions 3.02.0697–4.0.122 and 2.41.0213–4.0.122. The root cause is improper validation of the length of user-supplied data prior to copying into a fixed-length stack-based buffer, causing a stack-based buffer overflow. T...
CVE-2022-0369
CVE-2022-0369 affects Triangle MicroWorks SCADA Data Gateway. The flaw is in the Restore Workspace feature where user-supplied paths are not properly validated, enabling a remote attacker to execute code with SYSTEM privileges and bypass authentication. Documented as a directory traversal RCE vul...
CVE-2023-39462
CVE-2023-39462 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability stems from improper validation in the processing of workspace files, allowing remote attackers to upload arbitrary files. Although authentication is required to exploit, the existing authentication mechanism can be b...
CVE-2023-39465
CVE-2023-39465 is tied to Triangle MicroWorks SCADA Data Gateway . The issue is in the TmwCrypto class, due to the use of a hard-coded cryptographic key and a hard-coded certificate, enabling remote disclosure of sensitive information without authentication. The vulnerability is documented across...
CVE-2020-10611
CVE-2020-10611 is a real, externally exploitable type-confusion vulnerability in Triangle MicroWorks SCADA Data Gateway (DNP3 Data Sets). The Red Hat and NVD entries confirm it affects versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122, enabling remote code execution with no authentication required...
CVE-2013-2793
CVE-2013-2793 affects Triangle MicroWorks SCADA Data Gateway (v2.50.0309–v3.00.0616), DNP3 .NET Protocol components (v3.06.0.171–v3.15.0.369), and DNP3 ANSI C libraries (v3.06.0000–v3.15.0000). The vulnerability is improper input validation that allows an attacker to cause a denial of service (in...
CVE-2023-39463
The CVE-2023-39463 issue affects Triangle MicroWorks SCADA Data Gateway. The vulnerability lies in the trusted certification feature, specifically how OpcUaSecurityCertificateAuthorityTrustDir is handled, allowing an arbitrary file write with attacker-controlled data. This can let an attacker exe...
CVE-2014-2342
Triangle MicroWorks SCADA Data Gateway vulnerable to DoS via crafted DNP3 packets. Affected: versions before 3.00.0635. Root cause: incorrect input validation leading to uncontrolled resource consumption (IP-connected DoS; serial connections also impacted with physical access). Impact: denial of ...
CVE-2023-39458
Triangle MicroWorks SCADA Data Gateway contains a hard-coded default SSL certificate, allowing authentication bypass for network-adjacent attackers. The flaw is in certificate handling, enabling bypass of authentication on affected installations without required user interaction. Documents consis...
CVE-2023-39466
CVE-2023-39466 applies to Triangle MicroWorks SCADA Data Gateway. The vulnerability is in the get_config endpoint, where lack of authentication allows remote attackers to disclose sensitive information without credentials. Root cause: missing authentication prior to accessing get_config functiona...
CVE-2014-2343
The CVE concerns Triangle MicroWorks SCADA Data Gateway prior to 3.00.0635, where a crafted DNP3 request on a serial line can cause an input-validation-based DoS due to excessive data processing. A related Nessus entry and ICS-CERT advisory confirm a broader DoS risk in affected releases, with IP...
CVE-2023-39459
CVE-2023-39459 affects Triangle MicroWorks SCADA Data Gateway. The flaw is in the processing of workspace files where user-supplied paths are not properly validated before file operations, enabling a local attacker to create arbitrary files in the Administrator context by enticing a target to vis...
CVE-2013-2794
CVE-2013-2794 affects Triangle MicroWorks SCADA Data Gateway (v2.50.0309–v3.00.0616), DNP3 .NET Protocol components (v3.06.0.171–v3.15.0.369), and DNP3 ANSI C libraries (v3.06.0000–v3.15.0000). Root cause is improper input validation that can trigger an infinite loop, causing a DoS. IP-connected ...
CVE-2023-39461
Product and vulnerability context: Triangle MicroWorks SCADA Data Gateway. The issue is an arbitrary file write vulnerability in the handling of event logs, caused by improper sanitization of log output. The weakness can allow an attacker to write arbitrary files and, in combination with other vu...
CVE-2023-39467
Triangle MicroWorks SCADA Data Gateway is affected by an information-disclosure vulnerability related to the certificate web directory configuration. The flaw allows remote attackers to obtain sensitive data without authentication, via exposure of sensitive information in the application webroot....
CVE-2023-2186
CVE-2023-2186 affects Triangle MicroWorks SCADA Data Gateway
CVE-2023-39460
CVE-2023-39460 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability lies in event log creation, where a user-supplied path is not properly validated before file operations, enabling directory traversal and arbitrary file creation. The root cause is inadequate validation of the path, ...
CVE-2023-39464
The CVE-2023-39464 entry describes a remote code execution vulnerability in Triangle MicroWorks SCADA Data Gateway related to an unquoted path in the GTWWebMonitorService executable. The flaw’s root cause is the service path containing spaces not surrounded by quotation marks, enabling an attacke...
CVE-2023-39468
Triangle MicroWorks SCADA Data Gateway is affected by CVE-2023-39468 via the DbasSectorFileToExecuteOnReset parameter handling, where an exposed dangerous function allows remote code execution in the SYSTEM context. The flaw requires authentication to exploit. Connected advisories (ZDI-23-1036 an...
CVE-2020-10613
Triangle MicroWorks SCADA Data Gateway is affected by CVE-2020-10613 (and related CVEs) in versions 2.41.0213–4.0.122 and 3.02.0697–4.0.122 due to an out-of-bounds read from improper validation of user-supplied data in DNP3 Data Sets. The vulnerability allows remote attackers to disclose sensitiv...
CVE-2023-39457
CVE-2023-39457 affects Triangle MicroWorks SCADA Data Gateway. The vulnerability stems from missing authentication in the default configuration, enabling a remote attacker to bypass authentication and execute arbitrary code with root privileges. Reported under ZDI-20501, the CVSSv3 vector is CVSS...
CVE-2023-2187
CVE-2023-2187 affects Triangle MicroWorks’ SCADA Data Gateway (versions